Mehtod and apparatus for fraud control in cellular telephone systems utilizing RF signature comparison

ABSTRACT

A method and apparatus for fraud control in cellular telephone systems. Call records from a switch are scanned to identify a fraudulent cellular phone based on its behavior. An identifier, e.g., a radio frequency (RF) signature, representative of the fraudulent phone is stored in a control channel editor at a cell site. A database of identifiers may comprise a positive validation database storing the identifiers for all valid phones used in the cellular telephone system, or it may be a negative validation database storing the identifiers for known fraudulent phones. A control channel editor intercepts a call origination request transmitted by a phone, and a control processor compares one or more characteristics of the phone transmitting the call origination request to the database of identifiers. The control processor then prevents the call origination request from completing when the comparison indicates that the phone is fraudulent. The call origination request can be prevented from completing by (1) re-routing the call to a customer service or &#34;fraud hot line&#34; number, (2) interrupting the call origination request, (3) transmitting a &#34;hang-up&#34; message to the phone, (4) transmitting a &#34;hang-up&#34;  message to the cell site, or (5) transmitting a &#34;tear-down&#34; message to a switch

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates in general to radio frequency (RF) communicationsystems, and in particular, to a method and apparatus for fraud controlin cellular modible radiotelephone (CMR) and personal communicationsservices (PCS) systems.

2. Description of Related Art

Cellular telephones combine the mobility of the radio link and theworld-wide land telephone network to provide a communication link to anyother telephone in the world. However, as cellular phones have becomemore prevalent throughout the country, fraud has become a major problem.Cellular fraud robs service providers of hundreds of millions of dollarsevery year. Like all crimes, there are several varieties of cellularfraud, including "cloning."

Cloning fraud, which occurs when a legitimate subscriber's MIN/ESNcombination is used for illegal purposes, is among the mostsophisticated and difficult forms of fraud to prevent. Often, the piratewill use simple electronic devices to "capture" the legitimate MIN/ESNcombination during its transmission by radio frequency (RF). In thesecases, the legitimate subscriber often does not know fraud is beingcommitted with his or her MIN/ESN combination until they receive thebill. This is currently the most popular method of gaining illegalaccess to a cellular system, because the legitimacy of the stolenMIN/ESN combinations makes cloning difficult to catch.

There are certain steps that can be taken to prevent cloning fraud. Insome instances, carriers block calls to certain destinations, or impose"brownouts" on calls using specified MIN codes, particularly oninternational calls, that have been previously abused. Although drastic,this method currently is often the only way to stop cloning fraud.

The eventual release of digital cellular phones into the mass marketwill provide another avenue for fraud. Digital phones will also besusceptible to new and improved criminal techniques for stealing MIN/ESNcombinations. Thus, carriers are forced to seek other methods ofdetecting and preventing fraudulent calls.

Several companies, including Electronic Data Systems (EDS) andSubscriber Computing, Inc. (SCI) have developed anti-cloning productsthat analyze calling patterns using call records. For example, EDS' PCCCloning Detection System and SCI's Fraud Watch System are designed to beinterfaced with cellular switches, so that call information can becollected after the calls have been completed. These systems can be usedto identify calling patterns in the collected information that indicatefraudulent usage.

These systems typically allow operators to specify certain criteria toidentify fraud. These criteria may include number of calls per hour,call durations, number of minutes used by a specific phone within anhour, number of international or toll calls per hour, and calls tospecific countries or NPA/NXXX codes. Operator can also identifyfraudulent usage by the specific number dialed for those numbers thathave been previously identified as a number called by fraudulentcallers. The call records of cellular phones meeting any number ofcriteria can be viewed online or printed.

Although they cannot prevent cloning fraud, such systems providecarriers with a method of identifying cloning fraud, so that losses canbe tabulated. Unfortunately, current methods can only detect or monitorfraud after the caller hangs up, and provide no way to stop fraud. Thus,there is a need in the art for techniques that enhance the use ofanalyzed call patterns to deny pirates the use of cellular telephonesystems.

SUMMARY OF THE INVENTION

To overcome the limitations in the prior art described above, and toovercome other limitations that will become apparent upon reading andunderstanding the present specification, the present invention disclosesa method and apparatus for fraud control in RF communications systems,and cellular telephone systems in particular. Call records are scannedto identify a fraudulent cellular phone based on its behavior. Anidentifier, for example, an RF signature, representative of thefraudulent cellular phone is stored in fraud control equipment locatedat a cell site. A database of identifiers may comprise a positivevalidation database storing the identifiers for all valid cellularphones used in the cellular telephone system, or it may be a negativevalidation database storing the identifiers for known fraudulentcellular phones. A control channel editor intercepts a call originationrequest transmitted from a cellular phone to the cell site, and comparesone or more characteristics of the cellular phone transmitting the callorigination request to the database of identifiers. The control channeleditor then prevents the completion of the phone call when thecomparison indicates that the cellular phone is fraudulent. The callorigination request can be prevented from completing by (1) re-routingthe call to a customer service or "fraud hot line" number, (2)interrupting the call origination request, (3) transmitting a "hang-up"message to the phone, (4) transmitting a "hang-up" message to the cellsite, or (5) transmitting a "tear-down" message to a switch.

BRIEF DESCRIPTION OF THE DRAWINGS

Referring now to the drawings in which like reference numbers representcorresponding elements throughout:

FIG. 1 is a block diagram illustrating the components of the presentinvention;

FIG. 2 is a block diagram illustrating the components of the presentinvention including an emitter detect; and

FIG. 3 is a block diagram further illustrating the components of thecentralized fraud control system used in the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

In the following description of the preferred embodiment, reference ismade to the accompanying drawings which form a part hereof, and in whichis shown by way of illustration, a specific embodiment in which theinvention may be practiced. It is to be understood that otherembodiments may be used and changes may be made without departing fromthe scope of the present invention.

Overview

The present invention provides a method and apparatus for fraudulentcontrol in controlled access wireless communications systems, includingcellular mobile radiotelephone (CMR) systems, personal communicationsservices (PCS) systems, and specific multiuser radio (SMR) systems. Thepresent invention identifies fraudulent cellular phones by past behaviorand a unique identifier, and then denies these cellular phones anyfurther use of the cellular network. The present invention also hasapplication to system monitoring of cell site and subscriber phoneperformance, cellular phone location services, and other applications.

FIG. 1 is a block diagram illustrating a component of the presentinvention. A control channel editor 10 comprises receive side componentsincluding an FM receiver 12, data demodulator 14, delay memory logic 16,data modulator 18 and an FM transmitter 20, and transmit side componentsincluding an FM receiver 22, data demodulator 24, data controller 26,data modulator 28 and an FM transmitter 30.

The control channel editor 10 is coupled to the RF distribution cablingfrom the cell site antennae 32 and to the cell site control channelequipment 34. Since the control channel editor 10 deals with a standardRF interface, it can be used with any cell site equipment 34. Moreover,the operation of the control channel editor 10 is transparent tocellular phone users during normal operation, and acts only to interruptthe placement of calls by fraudulent cellular phones.

In order to provide the level of reliability required in a publicservice system, fail-safe relays 36 and 38 are provided to allow normaloperation of the cell site equipment should a malfunction occur withinthe control channel editor 10. If the control channel editor 10 fails inany way, the relays 36 and 38 will be de-energized, so that controlchannel editor 10 is bypassed.

A control processor 40 is coupled to the control channel editor 10 viathe delay memory logic 12 and the data controller 26. Also coupled tothe control processor is a call termination signal generator 42, an RFsignature system 44, a switch 46, and a centralized fraud control system48.

Upon further reading of this specification, those skilled in the artwill recognize that not all of the various components shown in FIG. 1are required to practice the present invention. Moreover, differentcombinations of the components from those illustrated herein may beused, as described in more detail below. In addition, the connectionsbetween components made be modified from those illustrated herein,depending on the method of fraud control used.

Operation

When a user first turns on his cellular telephone, the cellular phonescans and identifies the set-up or control channels being received. Thecellular phone then selects and tunes to the strongest control channelsignal, presumably from the nearest cell transmitter. Transmitted"busy-idle" bits inform the cellular phone of the status of the reversesignalling portion (phone to cell site) of the control channel toprevent simultaneous seizure by more than one cellular phone. There areother handshake and timing checks to guard against collisions betweencellular phones.

The cellular phone automatically registers with the cellular system whenit is powered on. At registration, the phone sends its mobileidentification number (MIN), electronic serial number (ESN), stationclass mark, etc., to the cell site. Depending upon system procedures,registration can verify that service for the cellular phone isavailable, or that the cellular phone is not on a "hot list" relating tounauthorized use or stolen phones. However, unless the MIN/ESNcombination is on the "hot list," registration will not identify cloningfraud. After registration, the cellular phone then turns-off itstransmitter, although it continues to monitor the selected controlchannel for incoming calls.

When a call is originated from the cellular phone, the subscriber entersthe dialed digits of the called number, which are temporarily stored inthe cellular phone, and presses the "send" key. The cellular phone thengoes "off-hook," and scans and selects the strongest control channel.When a "busy-idle" bit signifies that the control channel is idle, thephone sends a data stream to the cell site, including its identification(MIN/ESN) and the dialed digits of the called number.

In one embodiment of the present invention, the signalling data streamfrom the cellular phone is received as RF signals at the antennae 32 ofthe cell site. The RF signals are coupled from the antennae 32 to the FMreceiver 12, and then demodulated by data demodulator 14. At theappropriate time, the transmit side components of the control channeleditor 10 toggle the busy/idle bit in the signalling data stream to thecellular phone. This "handshake" lets the cellular phone known that thecell site is receiving the control signal. The data stream is thenstored at delay memory logic 16, so that the call origination requestrepresented thereby can be delayed if necessary until the identity ofthe cellular phone is verified. The data stream is also transmitted tothe control microprocessor 40, which uses one or more of a plurality ofidentification techniques to determine whether the cellular phone isfraudulent. After the control microprocessor 40 completes itsidentification, and has determined that the cellular phone is notfraudulent, the data stream is re-modulated by data modulator 18 to thesame frequency and then transmitted to a control channel transceivercomponent (not shown) of the cell site equipment 34 by the FMtransmitter 20. To complete the call set-up, the control channeltransceiver component of the cell site equipment 34 transmits the voicechannel assignment to the transmit side components of the controlchannel editor 10. The transmit side components of the control channeleditor 10 transmit the voice channel assignment to the cellular phoneand to the control processor 40.

If the cellular phone is identified as fraudulent, then the controlprocessor 40 and control channel editor 10 can use one or more of aplurality of different methods to handle the call origination. Forexample, one method may completely interrupt or deny the call set-up, sothat the data stream received from the cellular phone is not transmittedto the control channel transceiver of the cell site equipment 34.Another method may alter the dialed phone number embedded in the datastream, so that the call is re-routed to a customer service phone numberor "fraud hot line" phone number instead of the phone number dialed bythe user. Both of these methods would preferably use a fastidentification technique in the control microprocessor 40, e.g.,identification within 0.5 seconds, so that calls are not adverselyaffected by slow call origination response. Moreover, this method wouldrequire only the receive side components of the control channel editor10.

Still another method may send release, reorder, maintenance, orinterrupt order commands to the cellular phone using the transmit sidecomponents of the control channel editor 10. While this method could beused with a fast identification technique, it is also readily used withslower identification techniques, e.g., identification within onesecond. Moreover, this method would require both the receive side andtransmit side components of the control channel editor 10, although thereceive side components may only need to "tap" into the reversesignalling data streams and may not have to delay and/or re-build thedata streams.

Yet another method may transmit a call termination signal to a voicechannel transceiver (not shown) of the cell site equipment 34 using thecall termination signal generator 42. The particular voice channeltransceiver is identified by the voice channel assignment informationprovided to the control processor 40 by the transmit side components ofthe control channel editor 10. The call termination signal generator 42instructs the cell site equipment 34 that the user has "hung up" hisphone, so that the cell site equipment 34 then also hangs up. While thismethod could be used with a fast identification technique, it alsopermits the use of slower, more complex identification techniques, e.g.,identification taking more than one second. Moreover, the calltermination could occur at any point during the call, so there is notime limit for the identification techniques. However, the methodgenerates call records that will need to be resolved during the billingcycle to avoid billing the valid customers for the fraudulent calls.

Still yet another method may transmit a call termination command to theswitch 46 from the control microprocessor 40. This command wouldinstruct the switch 46 to terminate the call. While this method could beused with a fast identification technique, it also permits the use ofslower, more complex identification techniques, e.g., identificationtaking more than one second. The call termination could occur at anypoint during the call, so there is no time limit for the identificationtechniques. Moreover, this method may only require the receive sidecomponents of the control channel editor 10 for "tapping" the signallingdata stream from the cellular phone, and thus may not have to delayand/or re-build the data streams. However, the method generates callrecords that will need to be resolved during the billing cycle to avoidbilling the valid customers for the fraudulent calls.

The identification techniques performed by the control microprocessor 40would compare the cellular phone placing the call against anidentification database. These comparisons may be performed against anegative validation database (containing known fraudulent cellularphones) or a positive validation database (containing all knownnon-fraudulent cellular phones). Typically, a negative validationdatabase would be preferred, because it would be smaller and morereadily searched, thereby limiting the amount of time the comparisonwould require. Moreover, with the negative validation database,secondary pattern data, such as call history, called number, callfrequency, call time, station, class, etc., can be used to validate aclose match.

The identification techniques performed by the present invention cancomprise one or more of a plurality of different methods. For example,known "cloned" MIN/ESN combinations can be denied access to the cellulartelephone system, although this is easily circumvented by the piratere-programming the fraudulent cellular phone. Another technique woulduse the MIN/ESN combination to look-up one or more known station classmarks of the corresponding cellular phone, compare the known stationclass marks to the station class mark transmitted to the cell site bythe cellular phone, and deny access when a mismatch occurs. Stillanother technique would compare the dialed phone digits to "suspect"phone numbers uncovered during the analysis of prior fraudulent cellularphone calls, and deny calls placed to those suspect phone numbers. Anidentification technique based on the comparison of RF signatures forthe cellular phones could also be used to identify fraudulent cellularphones. The use of RF signature identification is important because itprovides a way of independently identifying the fraudulent phone withusing the ESN or MIN. Moreover, the use of RF signature identificationcan be used nationally to prevent roaming fraud.

RF Signature Identification

FIG. 2 is a block diagram further illustrating the components of the RFsignature system 44. The RF signature system 44 typically comprises anFM receiver 50, analog-to-digital (A/D) convertor 52, and a digitalsignal processor (DSP) 54. From existing antennae 32, the received RFsignal is sent to the FM receiver 50 that operates in the 824 MHz to 894MHz range and has repeatable performance characteristics, including flatfrequency and phase response, low phase noise, high dynamic range,stable amplitude, and accurate automatic gain control. The A/D convertor52, which converts the analog output from the FM receiver 50 intodigital data, preferably has a minimum sample rate of 3.2 MHz toaccommodate a bandwidth greater than or equal to 1.25 MHz. The DSP 54performs the necessary calculations using the digital output of the A/Dconvertor 52 to determine the RF signature of the cellular phone. TheDSP 54 encodes measured characteristics of the cellular phone into adigital RF signature descriptor data stream.

The control microprocessor 40 compares the digital RF signaturedescriptor data stream to a database of RF signatures of knownfraudulent cellular phones (negative validation) or with a database ofRF signatures of all non-fraudulent cellular phones (positivevalidation). In a positive validation database, the combination of RFsignature with the associated MIN/ESN combination would most likelyprove to be "uncloneable." In a negative validation database, secondarypattern data, such as the cell site, MIN/ESN combination, call history,the called number, call frequency, call time, station, class, etc., canbe used to validate a close match.

The technique of identifying an RF signature is not new in the art, andhas been previously used in military and intelligence applications. Anexample of an apparatus for characterizing a radio transmitter can befound in U.S. Pat. No. 5,005,210 issued Apr. 2, 1991, to Ferrell,incorporated by reference herein. Other examples include technologydeveloped by the Electromagnetic Systems Laboratory of TRW, Inc.

The characteristics used in creating the RF signature should beconsistent over time, temperature, battery voltage, orientation,location, use of car kits, etc., and yet be distinctive betweenindividual cellular phones. Usually, the RF signature can be anyunintentional modulation that is unique to the specific cellular phone.Because of fading due to multipath transmissions, amplitude data willtypically be distorted, and thus the characteristics used shouldpreferably comprise phase or frequency type characteristics that areless affected by the cellular environment.

These characteristics can include, but are not limited to, turn-ontransmitting amplitude, frequency or phase modulation versus time, thetime between turn-on and onset of data, phase and frequency modulationduring that delay, the initial amplitude, phase and frequency modulationwhen data transmission starts, transmission bit times, total times,timing jitter, rise and fall timing, carrier turn-off time, modulationdeviation and distortion, modulation phase, bit to bit modulationvariations, demodulation spectrum, spurious transmitter data, etc.

Some or all of these various characteristics can be used by the DSP 54to create an RF signature unique for a given cellular phone. Preferably,the DSP 54 then condenses the selected characteristics into a digital RFsignature descriptor data stream having a compact format that is easy totransmit from place to place. For example, the digital RF signaturedescriptor data stream can be transmitted to a control processor 40 andcentralized fraud control system 48 for storage and later inclusion intopositive and negative validation databases.

Centralized Fraud Control System

FIG. 3 is a block diagram further illustrating the components of thecentralized fraud control system 48.

The fraud control system comprises a CPU 56, one or more monitors 58, adata link 60 to a port of the switch 46, a data link 62 to the controlmicroprocessor 40, and (optionally) databases for call records 64, RFsignatures 66, positive validation 68 and negative validation 70.

The fraud control system 48 performs real-time data collection of callrecords from the cellular telephone switch 46 into a call database 64.Using a behavior profiling algorithm, the fraud control system 48 scansthe call records in the database 64 and extracts records correspondingto probable fraudulent activity. The behavior profiling algorithmidentifies and flags specific activities represented within thedifferent fields of the call records, including time, duration, cell,dialed digits, etc. Relative probabilities are assigned to the specificactivities identified and flagged within the call records.

Some example criteria and their relative probabilities are describedbelow:

1. Excessive call duration threshold made by a cellular phone within agiven time period. For example, more than one long duration call perhour could result in the assignment of 15 points towards an alarmthreshold.

2. Excessive number of call attempts made by a cellular phone within agiven time period. For example, more than one call attempt per hourcould result in the assignment of 15 points towards an alarm threshold.

3. All domestic toll call attempts made by a cellular phone within agiven time period. For example, each domestic toll call attempt per hourcould result in the assignment of 13 points towards an alarm threshold.

4. All international toll call attempts made by a cellular phone withina given time period. For example, each international toll call attemptper hour could result in the assignment of 20 points towards an alarmthreshold.

5. All three-way conference calls made by a cellular phone within agiven time period. For example, each three-way conference call attemptper hour could result in the assignment of 17 points towards an alarmthreshold.

6. Excessive number of call attempts to specific NPA/NXXX codes made bya cellular phone within a given time period. For example, more than onecall attempt per hour could result in the assignment of 15 pointstowards an alarm threshold.

7. Any calls with identical MIN/ESN that overlap for more than 59seconds. 100 points.

8. Any calls to a known phone number previously called by fraudulentcellular phones under the assumption that "who you call is who you are."100 points.

9. Any calls from a cellular phone to the number of a known fraudulentcellular phone under the assumption (verified by a 70% correlation) thatthe cellular phone placing the call is fraudulent as well. 100 points.

These criteria and associated probabilities are the result of trial anderror investigation by the Assignee, and have been validated throughexperience. Nonetheless, those skilled in the art will recognize thatother criteria and probabilities could be substituted for thosedescribed above, without departing from the scope of the presentinvention.

The fraud control system 48 indexes all call records in the calldatabase 64 linked to a specific MIN/ESN combination and the relativeprobabilities are accumulated towards an alarm threshold. The alarmthreshold reflects an accumulated probability within some definedperiod, e.g., accumulating 100 probability points within one hour. Thealarm threshold may be reached immediately, as when one call overlapsanother with an identical MIN for more than 59 seconds.

If the alarm threshold is reached, the MIN/ESN combination is identifiedas a fraudulent cellular phone. In some cases, these identifications offraudulent cellular phones are performed automatically by the fraudcontrol system 48. In other cases, these identifications of fraudulentcellular phones are performed automatically by the fraud control system48, and then verified through the intervention of an operator.

Once a fraudulent cellular phone is identified by the fraud controlsystem 48, the positive and/or negative validation databases 68 and.70are updated to reflect the identification. The updates may include allmanner of phone-specific information, such as the RF signature from theRF signature database 66, and the MIN/ESN combination, the associatedstation class marks of the phone, "suspect" dialed numbers, etc., fromthe call database 64 and/or a subscriber information database (notshown). In addition, the local database used by the controlmicroprocessor 40 is updated to prevent further access by the fraudulentcellular phone.

Conclusion

This concludes the description of the preferred embodiment of theinvention. The following paragraphs describe some alternative methods ofaccomplishing the same invention.

In addition to cellular telephone systems, those skilled in the art willrecognize that the present invention can be applied to other mobileradios, personal communications systems, paging systems, aircraftcommunications, satellite communications, as well any othercontrolled-access radio frequency communications systems.

Rather than using the specific components and combinations of componentsdescribed herein, those skilled in the art will recognize that othercomponents and combinations of components could be substituted thereforwithout departing from the scope of the present invention. Moreover, theconnections between various components may be modified from thoseillustrated herein.

Rather than using the specific methods and process steps describedherein, those skilled in the art will recognize that other methods andsteps could be substituted therefor without departing from the scope ofthe present invention.

In summary, a method and apparatus for fraud control in cellulartelephone systems has been described. Call records from a switch arescanned to identify a fraudulent cellular phone based on its behavior.An identifier, e.g., a radio frequency (RF) signature, representative ofthe fraudulent cellular phone is stored in a control channel editor at acell site. A database of identifiers may comprise a positive validationdatabase storing the identifiers for all valid subscribers of thecellular telephone system, or it may comprise a negative validationdatabase storing the identifiers for known fraudulent cellular phones. Acontrol channel editor intercepts a call origination request transmittedfrom a cellular phone to the cell site, and a control processor comparesone or more characteristics of the cellular phone transmitting the callorigination request to the database of identifiers. The controlprocessor then prevents the call origination request from completingwhen the comparison indicates that the cellular phone is fraudulent. Thecall origination request can be prevented from completing by (1)re-routing the call to a customer service or "fraud hot line" number,(2) interrupting the call origination request, (3) transmitting a"hang-up" message to the phone, (4) transmitting a "hang-up" message tothe cell site, or (5) transmitting a "tear-down" message to a switch.

The foregoing description of the preferred embodiment of the inventionhas been presented for the purposes of illustration and description. Itis not intended to be exhaustive or to limit the invention to theprecise form disclosed. Many modifications and variations are possiblein light of the above teaching. It is intended that the scope of theinvention be limited not by this detailed description, but rather by theclaims appended hereto.

What is claimed is:
 1. An apparatus for preventing fraud in a cellulartelephone system, comprising:(a) RF signature means, coupled to anantenna at a receiving site in the cellular telephone system, forreceiving radio frequency (RF) signals from a cellular telephone and forrepresenting the RF signals as a digital RF signature substantiallyunique to the radiotelephone; and (b) a control processor, coupled tothe RF signature means, for comparing the digital RF signature to adatabase of stored identifiers when a call is received from the cellulartelephone, for determining whether the cellular telephone is fraudulentbased on the comparison, and for interrupting the call from the cellulartelephone when the comparison indicates that the cellular telephone isfraudulent.
 2. The apparatus as set forth in claim 1 above, wherein themeans for interrupting comprises means for replacing a called numberembedded in a call origination request received from the cellulartelephone with a predetermined fraud redirection number.
 3. Theapparatus as set forth in claim 1 above, wherein the means forinterrupting comprises means for transmitting a "hang-up" command to thecellular telephone system when the comparison indicates that thecellular telephone is fraudulent.
 4. The apparatus as set forth in claim1 above, wherein the means for interrupting comprises means fortransmitting a "hang-up" command to the cellular telephone when thecomparison indicates that the cellular telephone is fraudulent.
 5. Theapparatus as set forth in claim 1 above, wherein the control processoris coupled to a switch, and the means for interrupting comprises meansfor transmitting a "tear-down" command to the cellular telephone systemwhen the comparison indicates that the cellular telephone is fraudulent.6. The apparatus as set forth in claim 1 above, wherein the database isa positive validation database comprising the digital RF signatures forall valid cellular telephones used in the cellular telephone system. 7.The apparatus as set forth in claim 1 above, wherein the database is anegative validation database comprising the digital RF signatures forknown fraudulent cellular telephones.
 8. The apparatus as set forth inclaim 1 above, wherein the control processor further comprises means forcomparing a profile of the cellular telephone to stored identifiers todetermine whether the cellular telephone is fraudulent when thecomparison of the digital RF signature indicates a close, but not exact,match, wherein the stored identifiers comprise one or more of thefollowing:a mobile identification number (MIN) transmitted from thecellular telephone, an electronic serial number (ESN) transmitted by thecellular telephone, a called number transmitted by the cellulartelephone, a receiving site receiving the call, a frequency of callsreceived from the cellular telephone for a specified time period, and anamount of time the cellular telephone has been in use for a specifiedtime period.
 9. The apparatus as set forth in claim 1 above, furthercomprising:(c) a fraud processor, coupled to the control processor and aswitch, for receiving call records from the switch, for analyzing thecall records to identify fraudulent cellular telephones based on thebehavior described in the call records, and for transmitting anidentifier representative of the fraudulent cellular telephone to thecontrol processor.
 10. A method for preventing fraudulent calls in acontrolled access radiotelephone system, comprising the steps of:(a)scanning call records from a switch to identify fraudulentradiotelephones based on their behavior; (b) storing an identifier foreach of the fraudulent radiotelephones in an electronic memory, whereinthe identifier is a digital radio frequency (RF) signaturerepresentative of a characteristic of RF signals transmitted by thefraudulent radiotelephone; (c) receiving a call transmitted from aradiotelephone; (d) detecting the characteristic of the RF signalstransmitted by the radiotelephone transmitting the call; (e) generatingthe digital RF signature from the detected characteristic; (f) comparingthe digital RF signature to the stored identifiers in the electronicmemory; and (f) preventing the call from completing when the comparisonindicates that the radiotelephone is fraudulent.
 11. The method as setforth in claim 10 above, wherein the preventing step comprises the stepof re-routing the call when the comparison indicates that theradiotelephone is fraudulent.
 12. The method as set forth in claim 10above, wherein the preventing step comprises the step of interruptingthe call when the comparison indicates that the radiotelephone isfraudulent.
 13. The method as set forth in claim 10 above, wherein thepreventing step comprises the step of transmitting a "hang-up" commandto the radiotelephone system when the comparison indicates that theradiotelephone is fraudulent.
 14. The method as set forth in claim 10above, wherein the preventing step comprises the step of transmitting a"hang-up" command to the radiotelephone when the comparison indicatesthat the radiotelephone is fraudulent.
 15. The method as set forth inclaim 10 above, wherein the preventing step comprises the step oftransmitting a "tear-down" command to the radiotelephone system when thecomparison indicates that the radiotelephone is fraudulent.
 16. Themethod as set forth in claim 10 above, wherein the comparing stepfurther comprises comparing a profile of the radiotelephone to storedidentifiers to determine whether the radiotelephone is fraudulent, whenthe comparison of the digital RF signature indicates a close, but notexact, match, wherein the stored identifiers comprise one or more of thefollowing:a mobile identification number (MIN) transmitted from theradiotelephone, an electronic serial number (ESN) transmitted from theradiotelephone, a called number transmitted from the radiotelephone, areceiving site receiving the call, a frequency of calls received fromthe radiotelephone for a specified time period, and an amount of timethe radiotelephone has been in use for a specified time period.